diff options
-rw-r--r-- | libraries/libglpng/libglpng-1.45-extra_cflags.patch (renamed from libraries/libglpng/patches/libglpng-1.45-extra_cflags.patch) | 0 | ||||
-rw-r--r-- | libraries/libglpng/libglpng-1.45-libpng15.patch (renamed from libraries/libglpng/patches/libglpng-1.45-libpng15.patch) | 36 | ||||
-rw-r--r-- | libraries/libglpng/libglpng.SlackBuild | 5 | ||||
-rw-r--r-- | libraries/libglpng/patches/libglpng-1.45-CVE-2010-1519.patch | 159 |
4 files changed, 21 insertions, 179 deletions
diff --git a/libraries/libglpng/patches/libglpng-1.45-extra_cflags.patch b/libraries/libglpng/libglpng-1.45-extra_cflags.patch index 16dd4db3fb67c..16dd4db3fb67c 100644 --- a/libraries/libglpng/patches/libglpng-1.45-extra_cflags.patch +++ b/libraries/libglpng/libglpng-1.45-extra_cflags.patch diff --git a/libraries/libglpng/patches/libglpng-1.45-libpng15.patch b/libraries/libglpng/libglpng-1.45-libpng15.patch index dcafea8fe319c..9308633536e9f 100644 --- a/libraries/libglpng/patches/libglpng-1.45-libpng15.patch +++ b/libraries/libglpng/libglpng-1.45-libpng15.patch @@ -2,9 +2,9 @@ diff -up libglpng-1.45.orig/include/GL/glpng.h~ libglpng-1.45.orig/include/GL/gl --- libglpng-1.45.orig/include/GL/glpng.h~ 2011-12-06 22:14:59.000000000 +0100 +++ libglpng-1.45.orig/include/GL/glpng.h 2011-12-06 22:15:48.900673919 +0100 @@ -57,7 +57,7 @@ extern "C" { - #define PNG_SIMPLEMIPMAP PNG_SIMPLEMIPMAPS + #define PNG_SIMPLEMIPMAP PNG_SIMPLEMIPMAPS
- /* Transparency parameters */ + /* Transparency parameters */
-#define PNG_CALLBACK -3 /* Call the callback function to generate alpha */ +#define PNG_CALLBACK_FUNC -3 /* Call the callback function to generate alpha */ #define PNG_ALPHA -2 /* Use alpha channel in PNG file, if there is one */ @@ -16,27 +16,27 @@ diff -up libglpng-1.45.orig/src/glpng.c~ libglpng-1.45.orig/src/glpng.c @@ -282,7 +282,11 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa if (!endinfo) return 0; - // DH: added following lines -+#if PNG_LIBPNG_VER >= 10400 -+ if (setjmp(png_jmpbuf(png))) -+#else - if (setjmp(png->jmpbuf)) -+#endif - { + // DH: added following lines
++#if PNG_LIBPNG_VER >= 10400
++ if (setjmp(png_jmpbuf(png)))
++#else
+ if (setjmp(png->jmpbuf))
++#endif
+ {
error: - png_destroy_read_struct(&png, &info, &endinfo); + png_destroy_read_struct(&png, &info, &endinfo);
@@ -402,7 +406,11 @@ int APIENTRY pngLoadF(FILE *fp, int mipm if (!endinfo) return 0; - // DH: added following lines -+#if PNG_LIBPNG_VER >= 10400 -+ if (setjmp(png_jmpbuf(png))) -+#else - if (setjmp(png->jmpbuf)) -+#endif - { + // DH: added following lines
++#if PNG_LIBPNG_VER >= 10400
++ if (setjmp(png_jmpbuf(png)))
++#else
+ if (setjmp(png->jmpbuf))
++#endif
+ {
error: - png_destroy_read_struct(&png, &info, &endinfo); + png_destroy_read_struct(&png, &info, &endinfo);
@@ -603,7 +611,7 @@ error: #define ALPHA *q diff --git a/libraries/libglpng/libglpng.SlackBuild b/libraries/libglpng/libglpng.SlackBuild index 7fbc0afac0028..56225553a277b 100644 --- a/libraries/libglpng/libglpng.SlackBuild +++ b/libraries/libglpng/libglpng.SlackBuild @@ -24,7 +24,7 @@ PRGNAM=libglpng VERSION=1.45 -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then @@ -69,7 +69,8 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -for i in $CWD/patches/* ; do patch -p1 < $i ; done +patch -p1 < $CWD/libglpng-1.45-extra_cflags.patch +patch -p1 < $CWD/libglpng-1.45-libpng15.patch make EXTRA_CFLAGS="$SLKCFLAGS" make install DOCDIR=$PKG/usr/doc/$PRGNAM-$VERSION DESTDIR=$PKG/usr diff --git a/libraries/libglpng/patches/libglpng-1.45-CVE-2010-1519.patch b/libraries/libglpng/patches/libglpng-1.45-CVE-2010-1519.patch deleted file mode 100644 index bc45ffe48ff0f..0000000000000 --- a/libraries/libglpng/patches/libglpng-1.45-CVE-2010-1519.patch +++ /dev/null @@ -1,159 +0,0 @@ -diff -up libglpng-1.45.orig/src/glpng.c.cve libglpng-1.45.orig/src/glpng.c ---- libglpng-1.45.orig/src/glpng.c.cve 2010-09-10 14:13:37.105046660 +0200 -+++ libglpng-1.45.orig/src/glpng.c 2010-09-10 14:14:46.158045715 +0200 -@@ -28,6 +28,7 @@ - #include <GL/glpng.h> - #include <GL/gl.h> - #include <stdlib.h> -+#include <stdint.h> - #include <math.h> - #include <png.h> - -@@ -259,9 +260,9 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa - png_structp png; - png_infop info; - png_infop endinfo; -- png_bytep data; -- png_bytep *row_p; -- double fileGamma; -+ png_bytep data = NULL; -+ png_bytep *row_p = NULL; -+ double fileGamma; - - png_uint_32 width, height; - int depth, color; -@@ -274,13 +275,19 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa - if (!png_check_sig(header, 8)) return 0; - - png = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL); -+ if (!png) return 0; - info = png_create_info_struct(png); -+ if (!info) return 0; - endinfo = png_create_info_struct(png); -+ if (!endinfo) return 0; - - // DH: added following lines - if (setjmp(png->jmpbuf)) - { -+error: - png_destroy_read_struct(&png, &info, &endinfo); -+ free(data); -+ free(row_p); - return 0; - } - // ~DH -@@ -303,8 +310,16 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa - - png_read_update_info(png, info); - -+ /* HDG: We allocate all the png data in one linear array, thus -+ height * png_get_rowbytes() may not be > PNG_UINT_32_MAX ! -+ This check fixes CVE-2010-1519. */ -+ if ((uint64_t)height * png_get_rowbytes(png, info) > PNG_UINT_32_MAX) -+ goto error; -+ - data = (png_bytep) malloc(png_get_rowbytes(png, info)*height); - row_p = (png_bytep *) malloc(sizeof(png_bytep)*height); -+ if (!data || !row_p) -+ goto error; - - for (i = 0; i < height; i++) { - if (StandardOrientation) -@@ -315,6 +330,7 @@ int APIENTRY pngLoadRawF(FILE *fp, pngRa - - png_read_image(png, row_p); - free(row_p); -+ row_p = NULL; - - if (color == PNG_COLOR_TYPE_PALETTE) { - int cols; -@@ -365,9 +381,10 @@ int APIENTRY pngLoadF(FILE *fp, int mipm - png_structp png; - png_infop info; - png_infop endinfo; -- png_bytep data, data2; -- png_bytep *row_p; -- double fileGamma; -+ png_bytep data = NULL; -+ png_bytep data2 = NULL; -+ png_bytep *row_p = NULL; -+ double fileGamma; - - png_uint_32 width, height, rw, rh; - int depth, color; -@@ -378,13 +395,20 @@ int APIENTRY pngLoadF(FILE *fp, int mipm - if (!png_check_sig(header, 8)) return 0; - - png = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL); -+ if (!png) return 0; - info = png_create_info_struct(png); -+ if (!info) return 0; - endinfo = png_create_info_struct(png); -+ if (!endinfo) return 0; - - // DH: added following lines - if (setjmp(png->jmpbuf)) - { -+error: - png_destroy_read_struct(&png, &info, &endinfo); -+ free(data); -+ free(data2); -+ free(row_p); - return 0; - } - // ~DH -@@ -442,8 +466,16 @@ int APIENTRY pngLoadF(FILE *fp, int mipm - - png_read_update_info(png, info); - -+ /* HDG: We allocate all the png data in one linear array, thus -+ height * png_get_rowbytes() may not be > PNG_UINT_32_MAX ! -+ This check fixes CVE-2010-1519. */ -+ if ((uint64_t)height * png_get_rowbytes(png, info) > PNG_UINT_32_MAX) -+ goto error; -+ - data = (png_bytep) malloc(png_get_rowbytes(png, info)*height); - row_p = (png_bytep *) malloc(sizeof(png_bytep)*height); -+ if (!data || !row_p) -+ goto error; - - for (i = 0; i < height; i++) { - if (StandardOrientation) -@@ -454,6 +486,7 @@ int APIENTRY pngLoadF(FILE *fp, int mipm - - png_read_image(png, row_p); - free(row_p); -+ row_p = NULL; - - rw = SafeSize(width), rh = SafeSize(height); - -@@ -461,6 +494,8 @@ int APIENTRY pngLoadF(FILE *fp, int mipm - const int channels = png_get_rowbytes(png, info)/width; - - data2 = (png_bytep) malloc(rw*rh*channels); -+ if (!data2) -+ goto error; - - /* Doesn't work on certain sizes */ - /* if (gluScaleImage(glformat, width, height, GL_UNSIGNED_BYTE, data, rw, rh, GL_UNSIGNED_BYTE, data2) != 0) -@@ -471,6 +506,7 @@ int APIENTRY pngLoadF(FILE *fp, int mipm - width = rw, height = rh; - free(data); - data = data2; -+ data2 = NULL; - } - - { /* OpenGL stuff */ -@@ -540,6 +576,12 @@ int APIENTRY pngLoadF(FILE *fp, int mipm - png_bytep p, endp, q; - int r, g, b, a; - -+ /* HDG another potential 32 bit address overflow, the -+ original png had 3 channels and we are going to -+ 4 channels now! */ -+ if ((uint64_t)width * height > (PNG_UINT_32_MAX >> 2)) -+ goto error; -+ - p = data, endp = p+width*height*3; - q = data2 = (png_bytep) malloc(sizeof(png_byte)*width*height*4); - |